Kroll’s Threat Landscape report reveals that insider threat has risen to its highest quarterly level to date.
This and other notable threats from the previous quarter are discussed in our Q3 2022 report.
Malware jumps, insider threat soars
The report also covers how, with email compromise plateauing at 30% and the ratio of overall ransomware attacks declining in the third quarter, Kroll observed modest increases in other threat incident types, such as unauthorized access (27%), web compromise (7%) and malware (5%).
The new report discusses how the sharp rise in insider threat has been driven by the impact of what was dubbed the “great resignation” in the media, in which many employees sought new opportunities in the wake of the COVID-19 pandemic, alongside the shift to remote working. While always a challenge, the risk of insider threat is particularly high during the employee termination process, with disgruntled employees potentially seeking to steal data or company secrets to publicly undermine an organisation, or to take data with them that they can leverage at their new organisations.
After declining in Q2, web compromise saw a small uptick in Q3. Malware (excluding ransomware) jumped from 1% of cases in Q2 to 5% in Q3. This increase is likely linked to the proliferation of information-stealing malware such as Redline, Raccoon, Vidar and URSA. These types of malware, also known as “info-stealers,” are typically spread through phishing campaigns.
A rise in attacks via USB
The report reveals an increase in USB-based malware cases targeting clients in recent months. Over the past two years, use of the hybrid work model has increased among many organisations due to the pandemic. This change resulted in many employees starting to use their own devices to carry out their day-to-day tasks, using USB drives to transfer data from one device to another. In Q3 2022, threat actors and cybercriminal groups were observed sending USB drives to, and dropping them at, victims’ offices, with the intention of gaining access to the victims’ devices once the drives were plugged in.
Ransomware activity: variable but impactful
The report discusses how, with Conti officially shutting down their actor-controlled site on June 23, the official release of LockBit 3.0 dominated the ransomware headlines in the first part of Q3. It is against this backdrop that Kroll saw its incidence of LockBit cases increase dramatically during the quarter. The report also looks at the impact of high-profile ransomware attacks on the education sector.
Recognizing the threat within
As a result of the surge in insider threats, organisations must be vigilant about assessing their potential security threats in the final quarter of 2022 and beyond. That assessment should be made from multiple perspectives, covering both external threats and those hidden within the organisation. The new report outlines a number of recommendations to help organisations defend against insider and physical threats. These include deploying, managing and monitoring Endpoint Detection & Response (EDR) sensors to all endpoints within the network and employing digital risk protection solutions such as Kroll’s CyberDetectER® DarkWeb.